Verify Content-Type from smart HTTP servers
Before parsing a suspected smart-HTTP response verify the returned Content-Type matches the standard. This protects a client from attempting to process a payload that smells like a smart-HTTP server response.

JGit has been doing this check on all responses since the dawn of time. I mistakenly failed to include it in git-core when smart HTTP was introduced. At the time I didn't know how to get the Content-Type from libcurl. I punted, meant to circle back and fix this, and just plain forgot about it.

Signed-off-by: Shawn Pearce <spearce@spearce.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Committed by: Junio C Hamano
Parent: e1b6ff44d6
Commit: 4656bf47fc
@ -157,6 +157,12 @@ test_expect_success 'GIT_SMART_HTTP can disable smart http' '
|
||||
test_must_fail git fetch)
|
||||
'
|
||||
|
||||
test_expect_success 'invalid Content-Type rejected' '
|
||||
echo "fatal: invalid content-type text/html" >expect
|
||||
test_must_fail git clone $HTTPD_URL/broken_smart/repo.git 2>actual
|
||||
test_cmp expect actual
|
||||
'
|
||||
|
||||
test -n "$GIT_TEST_LONG" && test_set_prereq EXPENSIVE
|
||||
|
||||
test_expect_success EXPENSIVE 'create 50,000 tags in the repo' '
|
||||
|
||||
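Review bot: In 'invalid Content-Type rejected', test_cmp compares the whole of the clone's stderr against the single fatal line, so the test fails for the wrong reason if git clone writes anything else to stderr (a status line, progress output, a warning). Consider matching only the line of interest, for example grep "fatal: invalid content-type text/html" actual, and quoting "$HTTPD_URL/broken_smart/repo.git" while there. The hunk also exercises only a text/html reply; a case where the server sends no Content-Type header at all would show what the check does when there is nothing to compare against.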